(trufflesecurity.com)

199 points elza_1111 | 1 comments | 03 Jul 25 06:44 UTC | HN request time: 0s | source

Show context

UnreachableCode ◴[03 Jul 25 07:54 UTC] No.44452675[source]▶

What I've never understood is, how is this an issue with private repos? Aside from open source projects I can't see the problem with accidentally doing this, even though it is a smell.

replies(5): >>44452714 #>>44452733 #>>44452828 #>>44453249 #>>44453819 #

cess11 ◴[03 Jul 25 08:01 UTC] No.44452714[source]▶

>>44452675 #

It's called private but actually shared with a very large corporation you don't control, likely running on infrastructure they don't control. Due to the CLOUD Act it's also shared with the US government.

replies(2): >>44452908 #>>44452931 #

bapak ◴[03 Jul 25 08:35 UTC] No.44452908[source]▶

>>44452714 #

Secrets gotta live somewhere. Are you supplying them every time you deploy or run CI?

replies(3): >>44453051 #>>44453088 #>>44455627 #

1. UltraSane ◴[03 Jul 25 14:47 UTC] No.44455627{3}[source]▶

>>44452908 #

I like to encrypt secrets with a master secret stored in a TPM. This makes it impossible to accidentally leak the secret.

↑

I scanned all of GitHub's "oops commits" for leaked secrets